600,000 infected Macs are found in a botnet

A RUSSIAN SECURITY FIRM says that it has stumbled upon a botnet that has hijacked an impressive 600,000 infected Mac computers.

The firm, called Dr Web, first said that it had found half a million infected computers but later upped the number in a tweeted message, where it added that some of the bots are in Cupertino.

In a blog post it said that it had studied the Trojan, called BackDoor.Flashback.39, and found it on over 550,000 machines. The firm found these around the world, with around 12 per cent of the haul in the UK, 19 per cent in Canada and over 50 per cent in the US.

"Systems get infected with BackDoor.Flashback.39 after a user is redirected to a bogus site from a compromised resource or via a traffic distribution system," it said.

"JavaScript code is used to load a Java-applet containing an exploit. Doctor Web's virus analysts discovered a large number of web-sites containing the code."

Infected web sites are listed by the firm and most of them are in the .ru domain for Russia. They range from some related to films through streaming television services to something called Gangstasparadise.

It added that it had heard from "sources" that there might be four million compromised web pages on a Google SERP and cases of infection when visiting dlink.com.

Once onboard, the Trojan will search for files that it can use to install itself, then it will generate a list of control servers and send a notification of success to the bot herder. Dr Web said that over time it will send consecutive queries to control server addresses.

There is some debate about the figures in the security industry, and in a message on Twitter F-Secure's Mikko Hypponen linked to a report on the numbers with the rider, "We can't confirm or deny the figure."

@mikko, at this moment botnet Flashback over 600k, include 274 bots from Cupertino and special for you Mikko - 285 from Finland